Hi I have windows 2008 R2 Domain and Exchange 2010 . So to use OWA internal, need the Certificate.( without SSL error page) So how do i setup that? AS

Exchange 2010 installation with create a self signed cert issued by the Exchange server itself which you can get to locally using https://CASserver/owa. However your clients will get a cert warning since it's not inherently trusted. You need to get an external SSL cert with all the required SAN names. autodiscover.company.com webmail.company.com exchangeservername.company.local (optional) http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Create the certificate request in IIS console of CAS. Process the request in a CA. Complete the CR in CAS. Edit the site bindings to use the certificate in OWA in IIS. Install the certificate in the clients.Regards from www.windowsadmin.info | www.blog.windowsadmin.info

Exchange 2010 installation with create a self signed cert issued by the Exchange server itself which you can get to locally using https://CASserver/owa. However your clients will get a cert warning since it's not inherently trusted. You need to get an external SSL cert with all the required SAN names. autodiscover.company.com webmail.company.com exchangeservername.company.local (optional) http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Create the certificate request in IIS console of CAS. Process the request in a CA. Complete the CR in CAS. Edit the site bindings to use the certificate in OWA in IIS. Install the certificate in the clients.Regards from www.windowsadmin.info | www.blog.windowsadmin.info

Hi All, I got one Exchange servr with all in one. And i got the SSL for rest but not for "exchangeservername.company.local" So do i have to install AD CS on PDC and issued the certificate? this is the part i stuck? or get the wildcard SSL for everything? AS

Don't worry if you didnt add exchangeservername.company.local. What do you mean do you have to install AD CS on PDC and issue cert? Did you get the cert from a third party ie godaddy, verisign etc? If so you need to finish off the request from the Exchange server. Yes you can use wildcard but those are typically more expensive and they require a bit more tweaking to get certain services to work.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Hi All, And i got the SSL for rest but not for "exchangeservername.company.local" So do i have to install AD CS on PDC and issued the certificate? this is the part i stuck? or get the wildcard SSL for everything? Hi AS, Do you mean you got a 3rd party SSL certificate but not for "exchangeservername.company.local", however, you want your internal users to access OWA via https://exchangeservername.company.local/owa? If yes, and since end user only use OWA internally, a certificate issued by internal CA is enough(domain-joined clients will trust internal root CA automatically). You can follow the below link: How to Issue a SAN Certificate to Exchange Server 2010 from a Private Certificate Authority http://exchangeserverpro.com/how-to-issue-a-san-certificate-to-exchange-server-2010-from-a-private-certificate-authority If you want to use 3rd party certificate, you have to contact the certificate issuer to renew the certificate. Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com. Frank Wang TechNet Community Support

Hi All, And i got the SSL for rest but not for "exchangeservername.company.local" So do i have to install AD CS on PDC and issued the certificate? this is the part i stuck? or get the wildcard SSL for everything? Hi AS, Do you mean you got a 3rd party SSL certificate but not for "exchangeservername.company.local", however, you want your internal users to access OWA via https://exchangeservername.company.local/owa? If yes, and since end user only use OWA internally, a certificate issued by internal CA is enough(domain-joined clients will trust internal root CA automatically). You can follow the below link: How to Issue a SAN Certificate to Exchange Server 2010 from a Private Certificate Authority http://exchangeserverpro.com/how-to-issue-a-san-certificate-to-exchange-server-2010-from-a-private-certificate-authority If you want to use 3rd party certificate, you have to contact the certificate issuer to renew the certificate. Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com. Frank Wang TechNet Community Support

Hi AS, Any updates?Frank Wang TechNet Community Support